From: bert hubert Date: Sun, 29 Nov 2015 19:45:42 +0000 (+0100) Subject: unify various rings, make generic query infra NOTE - WE STILL DON'T LOCK THE RINGS... X-Git-Tag: dnsdist-1.0.0-alpha1~170^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0ba5eecf27e713ccdbd6dd95458c7f30b1dde731;p=thirdparty%2Fpdns.git unify various rings, make generic query infra NOTE - WE STILL DON'T LOCK THE RINGS CONSISTENTLY --- diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc index 247728550f..cfbb251d3a 100644 --- a/pdns/dnsdist-lua.cc +++ b/pdns/dnsdist-lua.cc @@ -652,8 +652,8 @@ vector> setupLua(bool client, const std::string& confi g_lua.writeFunction("topClients", [](unsigned int top) { map counts; unsigned int total=0; - for(const auto& c : g_rings.clientRing) { - counts[c]++; + for(const auto& c : g_rings.queryRing) { + counts[c.requestor]++; total++; } vector> rcounts; @@ -680,15 +680,15 @@ vector> setupLua(bool client, const std::string& confi unsigned int total=0; if(!labels) { for(const auto& a : g_rings.queryRing) { - counts[a]++; + counts[a.name]++; total++; } } else { unsigned int lab = *labels; for(auto a : g_rings.queryRing) { - a.trimToLabels(lab); - counts[a]++; + a.name.trimToLabels(lab); + counts[a.name]++; total++; } diff --git a/pdns/dnsdist-lua2.cc b/pdns/dnsdist-lua2.cc index 602dc51403..78ca290854 100644 --- a/pdns/dnsdist-lua2.cc +++ b/pdns/dnsdist-lua2.cc @@ -61,6 +61,26 @@ map exceedRespGen(int rate, int seconds, std::function exceedQueryGen(int rate, int seconds, std::function T) +{ + counts_t counts; + struct timespec mintime, maxtime, cutoff; + clock_gettime(CLOCK_MONOTONIC, &maxtime); + mintime=cutoff=maxtime; + cutoff.tv_sec -= seconds; + + for(const auto& c : g_rings.queryRing) { + if(seconds && c.when < cutoff) + continue; + + T(counts, c); + if(c.when < mintime) + mintime = c.when; + } + + return filterScore(counts, mintime, maxtime, rate); +} + map exceedRCode(int rate, int seconds, int rcode) { @@ -97,7 +117,6 @@ void moreLua() g_lua.registerFunction("match", [](NetmaskGroup& s, const ComboAddress& ca) { return s.match(ca); }); - g_lua.writeFunction("exceedServfails", [](unsigned int rate, int seconds) { return exceedRCode(rate, seconds, RCode::ServFail); }); @@ -105,9 +124,20 @@ void moreLua() return exceedRCode(rate, seconds, RCode::NXDomain); }); + + g_lua.writeFunction("exceedRespByterate", [](unsigned int rate, int seconds) { return exceedRespByterate(rate, seconds); }); + g_lua.writeFunction("exceedQTypeRate", [](uint16_t type, unsigned int rate, int seconds) { + return exceedQueryGen(rate, seconds, [type](counts_t& counts, const Rings::Query& q) { + if(q.qtype==type) + counts[q.requestor]++; + }); + + + }); + } diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc index 07783e7af3..9c5e03cf7f 100644 --- a/pdns/dnsdist.cc +++ b/pdns/dnsdist.cc @@ -429,7 +429,7 @@ try for(;;) { try { len = recvmsg(cs->udpFD, &msgh, 0); - g_rings.clientRing.push_back(remote); + if(len < (int)sizeof(struct dnsheader)) { g_stats.nonCompliantQueries++; continue; @@ -457,7 +457,9 @@ try const uint16_t * flags = getFlagsFromDNSHeader(dh); const uint16_t origFlags = *flags; DNSName qname(packet, len, 12, false, &qtype); - g_rings.queryRing.push_back(qname); + struct timespec now; + clock_gettime(CLOCK_MONOTONIC, &now); + g_rings.queryRing.push_back({now,remote,qname,qtype}); // XXX LOCK?! if(blockFilter) { std::lock_guard lock(g_luamutex); diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh index 3634ae4cfe..6e824d6efe 100644 --- a/pdns/dnsdist.hh +++ b/pdns/dnsdist.hh @@ -179,12 +179,17 @@ struct IDState struct Rings { Rings() { - clientRing.set_capacity(10000); queryRing.set_capacity(10000); respRing.set_capacity(10000); } - boost::circular_buffer clientRing; - boost::circular_buffer queryRing; + struct Query + { + struct timespec when; + ComboAddress requestor; + DNSName name; + uint16_t qtype; + }; + boost::circular_buffer queryRing; struct Response { struct timespec when;